Kali Linux – What’s new?

Kali Linux – What’s new?

Sep 1 2013

Kali Linux released earlier in the year is dubbed the most advanced penetration testing distribution, ever. How does it compare to BackTrack? and; What’s the difference?

Introduction

For some years BackTrack linux has been the premier pen-test distribution. The newest pen-test distribution released by Offensive Security which supersedes BackTrack comes with some massive and welcome improvements. The biggest change from BackTrack is the move from Ubuntu linux to Debian Wheezy linux. The first thing I notice is that the installation is no longer launched by executing a script on the Desktop as it was with BackTrack, but is initiated but booting into a proper Debian installation system. The process generally feels a lot smoother from the start. I have also noticed that in general Kali doesn’t break as easily as Backtrack and it generally has a much more stable feel to it. So what’s the difference between BackTrack and Kali?

BackTrack 5 v Kali

Ubuntu, which BackTrack is based on, has a general feel to it that it is trying to babysit you as the user, which can be annoying to an experienced linux user. Ubuntu likes to make everything user friendly and tries to cut out any complex configurations. Debian, which Kali is based on, may not come across to be so ‘user friendly’ to someone who is not that experienced with linux, and requires more hands on experience with linux, but is generally more configurable and stable. Personally, I definitely prefer the Debian base for Kali as I like to tweak. This distribution is not for linux newbies in any case.

What Happened to Firefox?

One of the first things I notice is that Firefox has been replaced by Iceweasel. On first instance this might leave you wondering what Iceweasel is and why it has replaced Firefox. The truth is that Iceweasel IS Firefox. The Debian project patches Iceweasel by backporting security fixes, thus making it secure enough to be declared in debian stable version. Because this is the case they had to re-brand it Iceweasel as the modifications made by Debian project were not approved by the Mozilla foundation in order to use the Thunderburd logo. Other than backported security patches and the logo, both Firefox and Iceweasel are identical. I would recommend staying with Iceweasel on Debian, but if you really want to use Firefox you can install it in the following manner by first uninstalling Iceweasel.

FHS-compliance and /pentest

Another massive step in the right direction is FHS-compliance. File Hierarchy Standard (FHS) compliance specifies guiding principles for each part of the file system, and means that the directory structure and file system is standardised such that software and users can easily find the location of installed files such as binaries and libraries. This will also lead to a more stable system in general.

In BackTrack, every pen-test tool which you wanted to use you either had to express the full pathname to the tool e.g. /pentest/passwords/rainbowcrack/rcrack or change to the directory in order to use it. Kali no longer uses the /pentest directory tree, and all command line pen-test tools seem to be located in /usr/bin. Pen-test tools are now in path and can now be fired up from anywhere in the system. I certainly don’t miss the /pentest directory. This certainly makes life a whole lot easier.

No Nessus

Nessus does not come installed with Kali and is not available in the Kali repositories. One reason for this could be that Kali linux is based on Debian Wheezy (Debian 7), however if you check the available downloads from the tenable website, they have only released a version of Nessus for version 6 of Debian. Another reason for this may be because Nessus is more of an audit and compliance benchmarking tool than a pen-test tool, and perhaps it was thought too bloated to include. Nessus is certainly something I see more of installed on dedicated servers these days. However if you want to install it, the Debian 6 version of Nessus which can be downloaded from the tenable website will still work. The only other possible reason for not including Nessus is that Nessus is forbidden in the Penetration Testing with BackTrack(PWB) Course (which will probably get a new name now because of Kali). Offensive Security encourages all of its PWB students to use more specialised and targeted tools to perform enumeration and discovery. Further, different tools quite often output different results, so it’s best to use more highly targeted tools in a pen-test to get specific results rather than the results of a generalised scan or vulnerability assessment tool such as Nessus.

Other Notable Changes

Kali uses Leafpad instead of gedit which is a much lighter weight text editor than gedit. It is also noticeably faster. But if you want to use gedit it is still available in the Kali respository with a simple apt-get install gedit. Gedit may appear bloated to some unless you are interested in syntax highlighting. Personally I like syntax highlighting, but have a habit of writing all my code in vim from the terminal window which has this functionality anyway – each to their own I guess. Here’s a list of some other welcome changes:

The PDF viewer which was used in BackTrack has now been replaced with Document Viewer which is great since I found the PDF viewer a bit flakey.

You can now easily create your own custom ISO of Kali by using Debian live-build scripts.

Kali comes with VLC player pre-installed which was not included in BackTrack.

I’ve also noticed that the ISO image for Kali is almost 1GB smaller than the BackTrack 5 R3 ISO.

Upgrading to Future versions of Kali

If you had BackTrack 4 installed and wanted to upgrade to BackTrack 5, the only way you could have achieved this was to do an entire reinstall. This would be time consuming, and mean you would have to re-configure everything back to the way you wanted it, and customise all your tools again. With Kali however, an upgrade to future major releases can be done by simply issuing the following commands:

The Kali repository gets its security packages from the Debian repository, and all of its tools are now packaged up to be Debian compliant.

Summary

In summary, Kali linux feels a lot smoother to work with than BackTrack, whilst most of the tools remain fairly similar or unchanged; the main overhaul to be commended on is the overall improvement in the quality of the distribution from the move to Debian. It now feels like a complete distribution with far less flakiness and a lot more stability. For a duck dive into the pen-test tools which ship with Kali, I would recommend doing Offensive Security’s Penetration Testing with BackTrack(PWB) course which will familiarise you with all the tools necessary to conducting a complete penetration test with reporting. The main advantage you will notice is that the tools are now all in path with Kali. The only advice I have in pursuing this course is to get permission from your other half, as it will take a good couple of months out of your life, but is extremely fun, addictive, and rewarding with all the breakthroughs you will have. Well done to the Offensive Security Team for creating such an improved distribution, and good luck with your Kali experience.

About the author

Steven McLaughlin is an experienced information and network security professional. With both a technical and consulting background, he has been heavily involved in working with global companies developing solutions and delivering large scale projects. He also works in highly specialized teams in order to develop new ideas and patents and bring new products to market.